CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. Please remember to file security bugs if there are security issues in your packages!
Hi, did not know that. There is already a github PR for this: https://github.com/gentoo/gentoo/pull/22287
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3434fdb7c1eba3721771dece9523b70d9775bbe1
commit 3434fdb7c1eba3721771dece9523b70d9775bbe1
Author: Martin Dummer <martin.dummer@gmx.net>
AuthorDate: 2021-09-13 23:27:44 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2021-09-14 20:15:04 +0000
    net-ftp/atftp: version bump to 0.7.5
    Version 0.7.5 (Bugfix, Security Fix Release)
    fix many bugs, fix denial-of-service buffer overflow CVE-2021-41054
    new feature: add an option to prevent the Sorcerer's Apprentice Syndrome
    Closes: https://bugs.gentoo.org/813079
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Martin Dummer <martin.dummer@gmx.net>
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>
 net-ftp/atftp/Manifest | 1 +
 net-ftp/atftp/atftp-0.7.5.ebuild | 66 ++++++++++++++++++++++++++++
 net-ftp/atftp/files/atftp-0.7.5-CFLAGS.patch | 32 ++++++++++++++
 3 files changed, 99 insertions(+)
(In reply to Martin Dummer from comment #1)
> Hi, did not know that.
>
> There is already a github PR for this:
> https://github.com/gentoo/gentoo/pull/22287
No worries and thanks! Please file a stablereq to block this bug when ready.
Stablereq can be a dependency, we want to be notified when the stablereq is finished. Not sure if bugzie notifies us when a see also'd bug is finished.
Please clean up.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b10149133d44a4e5c41905c8f88427c10bc6a6
commit 99b10149133d44a4e5c41905c8f88427c10bc6a6
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2021-10-02 09:22:27 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2021-10-02 09:22:38 +0000
    net-ftp/atftp: Remove old (vulnerable) v0.7.4
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=813079
    Package-Manager: Portage-3.0.23, Repoman-3.0.3
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>
 net-ftp/atftp/Manifest | 1 -
 net-ftp/atftp/atftp-0.7.4.ebuild | 66 ----------------------------------------
 2 files changed, 67 deletions(-)
CVE-2021-46671 (https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5): options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.